nable (finops-mcp)
nable (finops-mcp) is a local-first FinOps MCP server that connects to AWS, Azure, GCP, Kubernetes, and 15+ SaaS providers (Datadog, Snowflake, OpenAI, etc.) to manage and optimize cloud costs directly inside AI editors like Claude and Cursor. Credentials are stored in the OS keychain and data stays local—no backend servers.
Here's what you can do:
Cost Visibility & Reporting
Summarize costs broken down by service, account, region, provider, or team (tag attribution)
Compare spend across cloud and SaaS providers; view daily/monthly trends and top cost drivers
Get a grand total combining cloud infrastructure + SaaS spend
Export reports as HTML or CSV; generate visual dashboards
Anomaly Detection & Alerts
Detect cost spikes/drops using z-score, CUSUM drift, and seasonal normalization
Set custom alert policies (thresholds, muting, glob patterns); acknowledge expected anomalies
Send on-demand or scheduled cost digests to Slack/Teams/email
Cost Optimization & Waste Detection
AWS: EC2/RDS/ECS Fargate rightsizing, idle resource detection (NAT Gateways, EBS, load balancers, Elastic IPs), CloudWatch log retention, S3 multipart cleanup, ECR image cleanup, public IPv4 audit, network/data transfer analysis, deep waste audit
Azure: VM rightsizing, Azure Advisor recommendations, reservation utilization, cost forecasts
GCP: Unattached disks, idle IPs, old snapshots, idle VMs
List and optionally clean up idle resources (with dry-run safety gate)
Kubernetes Cost Management
Break down costs by namespace, workload, label, or Helm release
Detect wasted spend, score cluster efficiency, estimate cost impact of a
helm diffbefore applyingCompare multiple clusters; label-based chargeback
Commitment & Rate Analysis
Analyze Reserved Instance and Savings Plan coverage, utilization, and waste
Savings Plan showback by team/tag; detect EDP discounts and private pricing
Budget Management
Create/update/delete budgets scoped to total, provider, team, or service
Check budget status; sync budgets from a YAML file for version-controlled limits
Savings Tracking & Recommendations
Track recommendations through their lifecycle (open → acted on → verified → dismissed)
View a savings ledger; measure recommendation accuracy over time with adaptive learning
Ticketing & Workflow Automation
Create tickets in Jira, Linear, or GitHub Issues for anomalies, rightsizing, K8s waste, or scorecard gaps
Efficiency Scorecard
Compute a 0–100 FinOps score across 5 dimensions: compute, waste, commitment, tag hygiene, and anomaly response
Compare team-level scorecards side by side
AWS Organizations & CUR/Athena (Team Plan)
Org-wide cost rollup with per-account and OU breakdowns
Per-resource costs, RI waste detail, and tag breakdowns from CUR via Athena
Infrastructure & Configuration
Manage multiple profiles for multi-account/multi-client setups
Check connector health, list configured accounts, run tag attribution, take cost snapshots on demand
Send onboarding/welcome emails; configure Slack and Teams notifications
Retrieves billing data from Cloudflare's Billing API for cost analysis.
Fetches real-time cost data from Datadog's Usage Metering API, enabling analysis of Datadog spend.
Retrieves GitHub Actions usage and Copilot seat costs for cost management.
Automates creation of Jira tickets for cost optimization recommendations, such as EC2 waste.
Retrieves MongoDB Atlas invoice data for cost monitoring.
Fetches data ingest volumes and user counts from New Relic for cost analysis.
Publishes cost analysis findings and reports to Notion for team collaboration.
Retrieves PagerDuty seat count for cost tracking.
Sends anomaly alerts and cost reports via Slack for real-time notifications.
Retrieves Snowflake usage costs from ACCOUNT_USAGE.METERING_HISTORY.
Fetches Twilio usage records for cost analysis.
Retrieves Vercel invoice data for cost management.
nable
FinOps MCP server for Claude and Cursor, across AWS, Azure, GCP, Kubernetes, and 15+ SaaS and AI providers.
The cost brain your AI agents check before they spend. Ask your whole cloud and AI bill anything inside Claude or Cursor, get genuine savings priced on your real rates, and the fix as a pull request you approve. One tool across AWS, Azure, GCP, Kubernetes, and 15+ SaaS and AI providers.
nable is FinOps that lives inside your AI. Ask Claude or Cursor about your cloud, SaaS, and AI spend and it answers with real numbers, priced on your actual rates, not list price. It finds the savings genuinely worth taking, proposes each fix as a pull request you approve, and checks the next bill to prove it worked. As your agents start spending real money, nable is the cost brain they check before they act.
Everything runs on your machine and your bill never leaves it, so the no-egress claim is something you can read in the source, not take on faith. Connect AWS or GCP by SSO login or a CLI profile and nable stores no secret at all, it just references your existing login; only keys you paste directly are encrypted in your OS keyring. It is read-only by default and never changes your cloud on its own. The local agent is open and auditable; a hosted platform is available for teams.
getnable.com · docs, quickstart, and the hosted platform

Free to start, runs on your Claude membership
uvx nable and ask away. nable runs as a local MCP server inside Claude Desktop, Claude Code, or Cursor, so your existing Claude Pro/Max or Cursor membership is the model. There is no Anthropic API key and no per-token cost. Tool calls count against your normal chat usage, the same as any long conversation, never a separate bill.
Cost queries, anomaly detection, and rightsizing findings are free forever. The agent team (the budget guard your agents check before they act, remediation PRs, and the learning loop) is Pro.
Quick start
Requires Python 3.11 or newer. The uvx command below fetches a matching Python for you. If you take the pip path instead, check yours first with python --version (or python3 --version). On older Python, pip reports No matching distribution found for finops-mcp.
Step 1: Install and run the setup wizard
Need uv? It is not preinstalled on macOS or most Linux:
curl -LsSf https://astral.sh/uv/install.sh | sh # macOS / Linux
# or: brew install uvThen:
uvx nableNo uv and don't want it? On Python 3.11+, pip install -U finops-mcp && finops welcome works too.
First run downloads dependencies, so give it a moment before the welcome screen appears.
The wizard walks through connecting your providers and auto-configures Claude Desktop at the end. No config file editing, no manual env vars.
Using Cursor? One-click install (opens Cursor and adds nable):
Then run finops setup once to connect a cloud account.
On Anaconda? Use uvx (isolated, won't touch your Anaconda environment):
brew install uv && uvx nable setupStep 2: Connect AWS (usually one keystroke)
finops setup awsThe wizard checks for AWS credentials you already have (an SSO login, an AWS CLI profile, or default credentials), shows you the account it found, and connects it when you confirm. If you use aws on this machine already, you will not type a single key.
Checking for AWS credentials on this machine...
✓ Found working credentials: profile 'default' -> account 1234
Connect this account? [Y/n]Only if no working credentials are found does it walk you through creating a read-only access key. Want the IAM policy to hand your platform team first? Run finops setup aws --iam-template.
Step 3: Restart Claude Desktop and ask
What are my AWS costs this month?Once you see a real cost breakdown, you're live. Also works with Cursor, Windsurf, and VS Code.
Free. The full local product, including the agent team, costs nothing right now. No credit card, no trial clock.
To add more providers later:
finops setup aws # add another AWS account
finops setup azure # add Azure
finops setup slack # configure alerts
finops setup license # activate a license key (Enterprise)Related MCP server: cloudscope-mcp
What you can ask
"What drove our AWS bill up 40% last month?"
"Which Kubernetes namespace is over-provisioned?"
"Are there any unusual cost spikes this week?"
"Which EC2 instances should we downsize?"
"Compare our cloud spend vs SaaS spend"
"Create a Jira ticket for any EC2 waste over $200/mo"
"Which team is spending the most on Datadog?"
"What will our AWS bill look like next month?"
"Show me RDS instances with low CPU that we could right-size"
"What's our effective discount rate from Savings Plans?"
Local-first and auditable
Your credentials are encrypted with Fernet and stored in your OS keyring (macOS Keychain, Windows Credential Manager, or libsecret on Linux). They never leave your machine. Cost data is cached in a local SQLite database, and nable has no backend, so we never see your cost data or credentials. One honest caveat: when you ask a question in your AI editor, the figures nable returns go to your editor's own AI to answer it, the same as any prompt, never to a nable server. If you need zero AI exposure, use the CLI (finops commands), which never touches a model. Teams share findings via Slack alerts, Notion publishing, and CSV exports. No shared database required.
nable is read-only by default. It never writes to your AWS account unless you explicitly enable cleanup mode. Run finops setup aws --iam-template to generate a least-privilege IAM policy with exactly the permissions nable needs.
None of this is take-our-word-for-it. Read the source, check the OpenSSF Scorecard, run finops-doctor to see exactly what nable touches, and set NABLE_NO_TELEMETRY=1 (or FINOPS_AIRGAP=1 to forbid every non-provider request) if you want it locked down.
Privacy Policy
Full policy: https://getnable.com/privacy
nable runs locally and is private by design:
Data collection. In local mode, nable collects no personal data on a server. Your cloud, SaaS, and AI billing data is read from your own provider APIs and cached only on your machine.
Usage and storage. Credentials are encrypted (Fernet) and stored in your OS keyring; cost data is cached in a local SQLite database on your machine. There is no nable backend in the local path.
Third-party sharing. nable does not sell, rent, or share your data. Your billing data and credentials are never sent to a nable server. When you ask a question in your AI editor, the figures nable returns are answered by your editor's own AI provider (the same as any prompt), never routed through nable. Optional integrations you configure (Slack, Notion, Jira, GitHub, email) send only the specific findings you direct to them.
Telemetry. Anonymous, opt-outable product telemetry (no credentials, no cost data). Disable with
NABLE_NO_TELEMETRY=1, or block all non-provider network calls withFINOPS_AIRGAP=1.Data retention. Local data lives on your machine until you delete it. Uninstall or clear the local store to remove it.
Contact. chaandannn@gmail.com.
The optional hosted/managed tier runs single-tenant with its own privacy terms at the link above; your data is never pooled with another customer's.
Manual Claude Desktop config
If finops setup doesn't auto-configure, run:
finops setup claudeOr add manually to claude_desktop_config.json:
With uvx (recommended):
{
"mcpServers": {
"nable": { "command": "uvx", "args": ["--python", "3.12", "finops-mcp"] }
}
}With absolute path:
{
"mcpServers": {
"nable": { "command": "/usr/local/bin/finops-mcp" }
}
}Use the path from which finops-mcp.
Config file locations:
macOS:
~/Library/Application Support/Claude/claude_desktop_config.jsonWindows:
%APPDATA%\Claude\claude_desktop_config.jsonLinux:
~/.config/Claude/claude_desktop_config.json
Why uvx? Claude Desktop is a GUI app and doesn't inherit your shell's PATH. uvx sidesteps this by running finops-mcp in its own isolated environment. It's the most reliable option on corporate machines with managed Python installs.
Give your agent cost controls
nable is not just tools your agent reads from. It is a pre-action gate your agent calls before it makes a cost-affecting change: it prices the change, checks it against your budget, and offers a cheaper path. It never applies anything itself. Propose-only, your agent proposes and a human approves.
Add one line to your agent's system prompt (Claude Code, Cursor, or any MCP client):
Before you apply any infrastructure change (a terraform apply, a helm upgrade, creating or resizing a resource) or start an expensive job, first call
check_action_policywith the action and the change (a terraform plan, a helm diff, or amonthly_delta_usd). Relay the verdict, the dollar impact, and the cheaper path when one is offered. Never apply ablockor anescalateaction; surface it to the human. nable is advisory and propose-only.
That turns any agent into a cost-aware one. The gate returns allow / warn /
block / escalate against your policy, the monthly and annual dollar impact, a
budget verdict labeled with its data age, and a spot alternative when the change is
compute. One-way doors (delete, terminate, buy a commitment) and over-budget changes
always escalate to a human.
Connectors (17)
Provider | What it pulls |
AWS | Cost Explorer (free tier) · CUR via S3 (Pro: line-item granularity, savings plans, reservations) |
Azure | Cost Management API · Advisor cost recs · VM rightsizing (Azure Monitor) · native budgets · forecast |
GCP | Cloud Billing API + BigQuery export |
Datadog | Usage Metering API v2: real dollar amounts |
Snowflake | ACCOUNT_USAGE.METERING_HISTORY |
Langfuse | Daily metrics API: model cost, token usage, trace volume |
MongoDB Atlas | Invoice API |
Twilio | Usage Records API |
Cloudflare | Billing API |
Vercel | Invoice API (Enterprise) |
New Relic | Data ingest + user counts |
Stripe | Fees and billing activity |
Databricks | DBU usage and SQL warehouse spend |
OpenAI | API usage and token spend by model |
Anthropic | Claude API usage and token spend |
Azure roles. The Azure tools span three RBAC roles, granted to the service
principal on each subscription. Without them, the affected tools return empty
results (run finops doctor to check):
Role | Unlocks |
Cost Management Reader | cost queries, budgets, forecast, cost-by-dimension |
Reader | Azure Advisor recommendations + VM list (rightsizing) |
Monitoring Reader | VM CPU metrics (rightsizing) |
# repeat per subscription
az role assignment create --assignee <client-id> --role 'Cost Management Reader' --scope /subscriptions/<sub-id>
az role assignment create --assignee <client-id> --role Reader --scope /subscriptions/<sub-id>
az role assignment create --assignee <client-id> --role 'Monitoring Reader' --scope /subscriptions/<sub-id>What nable actually does
nable is not just a connector that pipes billing data into Claude. It runs active analysis on your infrastructure and surfaces findings as tools Claude can reason about and act on.
Every finding is classified by how sure we are. A recommendation is something nable measured: a precise dollar figure, a safe fix, and a check that the savings actually landed on your next bill. An investigation is a signal worth confirming: an honest order-of-magnitude, never a fake-precise number, with the steps to confirm it. nable proposes, you approve, and it verifies. It never changes your infrastructure on its own.
AWS deep audit goes well beyond Cost Explorer. It pulls CloudWatch metrics for every running resource and flags waste that never shows up on your bill: gp2 volumes that should be gp3 (20% cheaper, same performance), unattached EBS volumes, idle NAT Gateways costing $32/mo in base charges, RDS backup retention set way too high, CloudWatch Log Groups with no retention policy growing forever, and Lambda functions allocated 2x the memory they actually use. Think of it as Compute Optimizer plus the layer underneath it.
Anomaly detection uses z-score, CUSUM drift, and day-of-week seasonal normalization. When something spikes, it drills into Cost Explorer by tag and tells you which team, environment, or service drove it. Anomaly findings and Slack/Teams alerts are free; auto-ticketing is a paid feature.
Rightsizing combines AWS Compute Optimizer with nable's own CloudWatch analysis. It gives you specific recommended instance types with estimated savings, not just a list of underutilized resources. Recommendations are free; ticket auto-creation is a paid feature.
Commitment analysis (a paid feature) models Savings Plans and Reserved Instance coverage against your actual usage. It shows your current effective discount rate, coverage gaps, and what you would save by purchasing additional commitments.
Open-core
The local agent is open-source and free: the MCP server, every connector, cost queries, anomaly detection, rightsizing, AI and LLM spend tracking, and remediation drafts (the PRs and tickets you approve). Run it on your machine, audit it, fork the connectors.
A hosted platform is available for teams who would rather have it run for them: a managed, single-tenant workspace with dashboards anyone can use without a terminal, SSO and roles, scheduled reports, and a managed AI agent. Single-tenant by design, your bill is never pooled with anyone else's.
See getnable.com/pricing for current plans: Community is free, Enterprise is custom.
License
This repository is Apache-2.0 in full: the MCP server and all tools, every connector, FOCUS normalization, anomaly detection, rightsizing, and the propose-only PR loop. Fork it, build on it. Cost-to-code attribution is part of the separate nable enterprise product.
The hosted enterprise layer (the web dashboard, SSO, the control plane, and managed-AI billing) is not part of this repo. It lives in a separate private repository and is offered as the hosted platform above.
Troubleshooting
finops-doctor # checks credentials, DB, network, audit log
finops setup claude # re-run Claude Desktop configuration onlySymptom | Fix |
Tools don't appear in Claude | Switch to uvx config or use absolute path |
| Re-install with |
AWS returns no data | Run |
| Your Python is older than 3.11. Check with |
| uv tried to compile cryptography from source on Python 3.10, which has no prebuilt wheel. Use 3.11+: |
Python 3.8 / 3.9 / 3.10 errors | nable requires Python 3.11+: |
Corporate SSL errors |
|
Permission denied | Install to user: |
Works at home, not at work | Use |
Docs
Full setup guide: getnable.com/docs
mcp-name: io.github.chaandannn/finops-mcp
Maintenance
Latest Blog Posts
- Your AI Chatbot Just Exposed Your CEO's Salary to an InternBy Om-Shree-0709 on .Agent IdentityMCP SecurityOAuth Delegation
- Why MCP Servers Need Execution Sandboxing (And Why Your Current Stack Isn't Enough)By Om-Shree-0709 on .Agentic AiPrompt InjectionWebAssembly
MCP directory API
We provide all the information about MCP servers via our MCP API.
curl -X GET 'https://glama.ai/api/mcp/v1/servers/chaandannn/finopsmcp'
If you have feedback or need assistance with the MCP directory API, please join our Discord server